-
Notifications
You must be signed in to change notification settings - Fork 97
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Auto unlock not working with sssd #239
Comments
After changing auth section in /etc/pam.d/system-login to
(move "auth optional pam_fscrypt.so" before "auth include system-auth") is working as expected |
@hadogenes I tried your fix (of moving pam_facrypt before system-auth) but that caused autounlocking to fail for me. I'm also on Arch Linux, so it seems weird that it would work for you and fail for me. |
Ok, after some testing I finally find it system-login as wiki says
but the system-auth
(change pam_unix.so to sufficient and pam_sss.so to required) Now the fscrypt works for sssd users, but don't work for local users (in my case only root) |
This makes sense (and is behaving "as expected"). However, I am worried about how brittle the PAM configurations can be. Closing this, but improving this story is tracked in #95 |
With new pam version
|
I used these instructions (on manjaro)
but the auto unlock feature does not work yet.
Auto unlocking after login works only for local users.
This is probably due to some pam issue.
Here is /etc/pam.d/system-login
/etc/pam.d/system-auth
/etc/pam.d/passwd
/etc/pam.d/fscrypt
I had to add line "auth sufficient pam_sss.so", because the fscrypt encrypt wouldn't work
journalctl -f | grep fscrypt
The text was updated successfully, but these errors were encountered: